hancitor | 6d3554b10d8c1fbdd8be1b71ebf711de8d7985a7044880918733b8eb6ab9c6cf | Triage

Sharing

General

Target

6d3554b10d8c1fbdd8be1b71ebf711de8d7985a7044880918733b8eb6ab9c6cf
Size

25KB
Sample

220625-hjcqrshhek
MD5

f5f24f1f12f570fbc6c2322dbb791765
SHA1

037725c071e9f0de3648cf8cdbe69bb9ebdeda57
SHA256

6d3554b10d8c1fbdd8be1b71ebf711de8d7985a7044880918733b8eb6ab9c6cf
SHA512

0d8e6391960c53345ea4bbc68bfb4410a8fa588b11bb463783663b5105f91afa9612b03ad50bd84b48c4e23133d0a27025ed5665e1cc76d7ad3722c306dbade7

Score

10^/10

hancitor 1812_78213

Malware Config

Extracted

Family

hancitor

Botnet

1812_78213

C2

http://unceliet.com/4/forum.php

http://fitiondice.ru/4/forum.php

http://wordlegromin.ru/4/forum.php

Targets

- Target
  
  6d3554b10d8c1fbdd8be1b71ebf711de8d7985a7044880918733b8eb6ab9c6cf
- Size
  
  25KB
- MD5
  
  f5f24f1f12f570fbc6c2322dbb791765
- SHA1
  
  037725c071e9f0de3648cf8cdbe69bb9ebdeda57
- SHA256
  
  6d3554b10d8c1fbdd8be1b71ebf711de8d7985a7044880918733b8eb6ab9c6cf
- SHA512
  
  0d8e6391960c53345ea4bbc68bfb4410a8fa588b11bb463783663b5105f91afa9612b03ad50bd84b48c4e23133d0a27025ed5665e1cc76d7ad3722c306dbade7
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

1812_78213hancitor

behavioral1

behavioral2